Cloud computing is a new paradigm to deliver
services over the Internet. Data Security is the most critical issues
in a cloud computing environment. Authentication is a key
mechanism for information security that establish proof of
identities to get access of information in the system.
Authorization is an important identity service to avoid
unauthorized access to cloud resources. According to various
researches, access control and user authentication are the most
important security concerns and challenging issues in cloudbased
environments. In this context, in order to prevent the
unauthorized access of the distributed system components,
authentication and authorization functions are to be enforced
effectively. In this paper, we make an analysis of various
mechanisms for access control in cloud environment and
identified various issues during authentication and authorization
process.
Pratiba D : R V College of Engineering
Bangalore, Karnataka, India
Dr. Shobha G : R V College of Engineering
Bangalore, Karnataka, India
Arjun A : R V College of Engineering
Bangalore, Karnataka, India
Cloud Computing
Access Control
Authentication
This paper analyzes various proposed models for user
authentication and access control mechanism in cloud
environment and identifies the various issues raised during
the process. The issues includes trust establishment among
cloud entities, security policies conflict management and break glass mechanism for accessing cloud resources
during emergency.
[1] David Hakobyan, “Authentication and Authorization
Systems in Cloud Environments”, Master of Science
Thesis, Stockholm, Sweden 2012, TRITA-ICT-EX-
2012:203
[2] Yonghe Wei, Chunjing Shi, Weiping Shao, ”An
Attribute and Rolebased Access Control Model for
Service-Oriented Environment”, IEEE ,2010, pp. 4451-
4455
[3] Chang. N. Zang, Cungang Yang, ”An Object-Oriented
RBAC Model for Distributed System”, in Proc.
Working IEEE/IFIP Conference on Software
Architecture, 2001, pp. 24-32.
[4] Kumar Gunjan, G. Sahoo, R.k.Tiwari, ”Identity
Management in Cloud Computing-A Review”,
International Journal of Engineering Research and
Technology (IJERT), ISSN: 2278-0181, Vol.1 issue 4,
June-2012
[5] Mostafa Hajivali, Maen T. Alrashdan, Faraz Fatemi
Moghaddam, Abdualeem Z. M. Alothmani, “Applying
an Agent-Based User Authentication and Access
Control Model for Cloud Servers”, IEEE, 2013,pp.
807-812
[6] V. Varadharajan, N. Kumar, Y. Mu, ”Security Agent
Based Distributed Authorization: An Approach”, the
21st National Information Systems Security
Conference (NISSC), USA, pp. 315-328(1998).
[7] J.-C. Birget, X. Zou, G. Noubir, B. Ramamurthy,
”Hierarchy-Based Access Control in Distributed
Environments”, IEEE International Conference on
Communication, 2001, vol. 1, pp. 229-233
[8] Cungang Yang, Chang N. Zhang,”Designing Secure ECommerce
with Role-based Access Control”, in Proc.
IEEE International Conference on E-Commerce, 0-
7695-1969-5/03, 2003
[9] Lingli Zhao, Shuai Liu, Junsheng Li, Haicheng Xu,
Lingli Zhao, Shuai Liu,”A Dynamic Access Control
model based on Trust”, 2nd Conference on
Environmental Science and Information Application
Technology,2010, pp. 548-551.
[10] Faith Turkmen, Eunjin (EJ) Jung, Bruno Crispo,
”Towards Run-time Verification in Access Control”,
IEEE International Symposium on Policies for
Distributed Systems and Networks, 2011, pp. 25-32.
[11] Maninder Singh , Sarbjeet Singh, “Design and
Implementation of Multi-tier Authentication Scheme
in Cloud”, Intern ational Journal of Computer Science
Issues(IJCSI), ISSN (Online):1694-0814, Vol. 9,
Issue 5, No 2, pp. 181-187, September 2012.
[12] Sanjeet Kumar Nayak, Subasish Mohapatra,
Banshidhar Majhi, “ An Improved Mutual
Authentication Framework for Cloud Computing”,
International Journal of Computer Applications (0975
– 8887) Volume 52– No.5, pp. 36-41, August 2012
[13] Avvari Sirisha , G. Geetha Kumari, “API Access
Control in Cloud Using the Role Based Access Control
Model”, IEEE , 2010 , pp. 135-137.
[14] Hua-Hong Zhu, Qian-Hua He, Hua-Hong Zhu, Hong
Tang, Wei-Hua Cao, “Voiceprint-Biometric Template
Design and Authentication Based on Cloud Computing
Security “, IEEE International Conference on Cloud
and Service Computing,2011,pp.302-308
[15] Antonio Celesti, Francesco Tusa, Massimo Villari and
Antonio Puliafito, “Three-Phase Cross-Cloud
Federation Model: The Cloud SSO
Authentication”,IEEE Second International Conference
on Advances in Future Internet, 2010, pp. 94-101
[16] Abdelmajid Hassan Mansour Emam, “Additional
Authentication and Authorization using Registered
Email-ID for Cloud Computing “ , International
Journal of Soft Computing and Engineering (IJSCE)
ISSN: 2231-2307, Volume-3, Issue-2, May 2013, pp.
110-113.
[17] Ashish G. Revar, Madhuri D. Bhavsar, “Securing User
Authentication using Single SignOn in Cloud
Computing” , IEEE , 2011, pp. 1-4. [18] Rohitash Kumar Banyal, Pragya Jain, Vijendra Kumar
Jain,” Multi-factor Authentication Framework for
Cloud Computing”,IEEE Fifth International
Conference on Computational Intelligence, Modelling
and Simulation,2013,pp. 105-110.
[19] Manoj V. Thomas, K. Chandra Sekaran, “Agent-Based
Approach for Distributed Access Control in Cloud
Environments”, 2013 International Conference on
Advances in Computing, Communications and
Informatics (ICACCI),IEEE, pp. 1628-1633.